Policy enforcement

Policy enforcement is the manner in which IBM Security Identity Manager allows or disallows accounts that violate provisioning policies.

When a provisioning policy, person, account data, or dynamic role is changed, an account that was originally compliant with a provisioning policy can become noncompliant.

If a role is a member of another organizational role in a provisioning policy, then that role member also inherits the permissions of provisioning policy.

When a policy enforcement action is set to Global, the policy enforcement for any service is defined by the global or default configuration setting.

We can set the policy enforcement action as Mark, Suspend, Correct, Alert, or Use Global Enforcement Action: Mark. See Policy enforcement actions in Policy enforcement.

Parent topic: Provisioning policies